Enterprise-Capable BYOD

19 Nov 2014

A recent InformationWeek Survey on Mobile Security found that 83% of organizations either support or are planning to support bring your own device (BYOD) initiatives that will allow employees to use their personal smartphones and tablets to access corporate email and other systems. While BYOD has been growing by leaps and bounds, many organizations have not thought through the security exposures and other risks that come with these employee-friendly initiatives. It might be time to reassess your BYOD program and potentially put systems in place that can reduce your exposure going forward.

Many organizations underestimate the magnitude of the change that occurs when they go from a traditional BlackBerry environment with security and policy enforcement provided by a BlackBerry Enterprise Server (BES) to one where any number of different devices with different operating systems, on different software releases, from different manufacturers are all storing sensitive corporate data and accessing corporate systems.

Some organizations have resorted to implementing mobile device management (MDM) systems like those from AirWatch (now a division of VMware), MobileIron or Good Technologies to help mitigate the risk; however, there are limits to the security capabilities they can provide. MDM solutions can enforce policies such as onboard encryption and a strong password for access to corporate data that is stored in a secure container on the device, but that's not all you need to protect against.

Frankly, those MDM platforms are more focused on email and data, and companies need to think about their voice assets as well. Even something as seemingly benign as company contacts can have value to a potential intruder, as they can be a great asset in executing social engineering or targeted spear phishing attacks.

Also, the phone number itself can be an issue. If a user is in a customer-facing position and is passing out their personal cellphone number, what happens if they leave the company? Now you may have a situation where your customers are calling a potentially disgruntled ex-employee who could well be working for one of your competitors! And the employee need not give out the number, as that customer could get the number from the caller ID if the user simply called them from the mobile number.

For some types of businesses, maintaining control of those contact numbers can be critical, but there are instances when employees might want to use their own phones but don't want the number to leak out to their correspondents. Most people think of doctors using their cell phones to call patients, but other examples would include school teachers and administrators, home health care workers, social workers, and parole officers.

The other potential problem with having employees use their own phones is that there is no way of tracking who they are contacting. All of those communications are outside of the business telephone system, so no PBX call detail records are produced. Most cell phone bills today do not include call detail, so essentially there is no record of who is calling whom or when.

Communication vendors are taking notice, and developing solutions for these problems. One example is ESI, which developed Ditto, a mobile unified communications (UC) app for iOS and Android devices. Working in conjunction with the ESI Cloud PBX, the simultaneous ring feature allows the user to publish one number, their desk number, and receive calls on either their desk phone or their mobile, and the business contacts never need to know the mobile number.

Users get access to the corporate directory, and have the ability to hold, transfer or park calls just as they would on their desk phones. Probably the most convenient feature is the ability to seamlessly move an active call from the desk phone to the mobile so that the conversation can continue if the user needs to leave the office.

We have had mobile UC clients with premises-based UC solutions for several years, although those solutions are far from ideal. New cloud-based UC solutions offer advantages that overcome some of the limitations of premises-based solutions. For example, in most cases with a premises-based solution, all mobile calls are routed through the PBX, which means that every mobile call ties up two trunks for the duration of the call - one for the mobile call in, and one for the call to the correspondent. The term "hairpinning" is used to describe this configuration. Cloud-based UC solutions provide a better solution, as the "trunks" are virtual, so it's not an issue for the customer.

The other advantage of using a cloud-based solution is control. Users can set up access preferences, call forwarding or activate do-not-disturb through a web portal (which can be accessed from their mobile browser) regardless of where they are.

BYOD is now the reality in business communications for many organizations, and IT departments need to understand how they can best support these personally owned mobile devices in an enterprise environment. The key will be to deliver the UC capabilities to mobile users in a fashion that allows the company to maintain control of its contact numbers and monitor its communications while providing a user experience that mimics what the user has come to expect from their mobile device.

That's a tall order, but achievable.


This paper is sponsored by ESI.
